Transparent SSH for mainframes

Secure shell inventor SSH Communications has released its SSH Tectia Server on IBM's zSeries mainframes. Running on IBM's z/OS 5.2 (MVS as-was), SSH Tectia Server transparently encrypts data and file transfers so that mainframe apps are not even aware of its presence.

According to SSH Comms development director Tero Harjula, the risk for mainframe users is that many applications were designed in the days of SNA and dumb terminals, but today the most common access method is a PC, running 3270 terminal emulation software and connected over TCP/IP.

He demonstrated how easily usernames and passwords can be sniffed from the network, adding: "Many companies don't realize how insecure mainframe communications are, now that they're on TCP."

The SSH solution adds software to both the mainframe and the PC which intercepts network traffic and tunnels it over an encrypted link. The user must now authenticate to the PC as well as to the mainframe app, but as Harjula showed, the mainframe data no longer traverses the LAN in plain text.

He added that one advantage of SSH Tectia is that it works with any application. It also transparently encrypts file transfers and the SSH client can be extended to support other authentication methods at the PC, such as strong authentication via biometrics or a token.

In addition, it works with Unix and Windows servers running SSH Tectia or other SSH servers such as OpenSSH, and it enables the mainframe to authenticate to the client as well..

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.